Security Vulnerabilities - CVEs Published In October 2021
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-10-07
Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-07
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-10-07
An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
CVSS Score
7.2
EPSS Score
0.011
Published
2021-10-07
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
CVSS Score
9.8
EPSS Score
0.032
Published
2021-10-07
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use it to do authorization. But if there are two "X-Endpoint-API-UserInfo" headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two "X-Endpoint-API-UserInfo" headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the "X-Endpoint-API-UserInfo" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag ":1", needs to re-start the container to pick up the new version. The tag ":1" will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. ":1.57". You need to update it to ":1.58" and re-start the container. There are no workaround for this issue.
CVSS Score
6.4
EPSS Score
0.001
Published
2021-10-07
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-07
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-10-07
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-10-07
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-07